Digital Rights Management (DRM) technology prevents unauthorized distribution and copying of digital content, allows only legitimate users to use the content, and manages the copyright of the digital content using a charging service.
Open Mobile Alliance (OMA) DRM, which is widely used as the de facto standard for DRM technology, is standardized by the OMA standards body. The OMA DRM standard specifications provide that content is encrypted, that the key used for the encryption is packaged in the form of a Rights Object (RO), and that the key is safely transmitted to a device such as a mobile phone. OMA DRM version 1.0 started in 2002, OMA DRM version 2.0 was released in 2006, and OMA DRM version 2.1 was released in 2007. The Secure Removable Media (SRM) standard version 1.0, which extends the DRM technology beyond mobile phones to external memories such as memory cards and smart cards, was released in 2008. The SRM 1.0 standard is an extension of the OMA DRM 2.0 and has functions including Device to SRM Move, which transfers the RO from the device to the memory card or the smart card; SRM to Device Move, which transfers the RO from the memory card or the smart card to the device; and Local Rights Consumption, which plays content at the device using the RO stored on the memory card or the smart card.
Starting from the OMA DRM 2.0, the content encryption key is managed according to a Public Key Infrastructure (PKI) scheme. The PKI scheme, which makes use of powerful asymmetric key encryption such as the RSA encryption algorithm, is regarded as a notably safe key management system. Its disadvantage is that the PKI demands a system in which a powerful trust authority, such as the government, issues and manages the keys.
The OMA DRM 2.0 functions to protect the protocol message carrying the RO from a service provider or a content provider to the device, to protect the content encryption key, to package the RO, to encrypt and package the content, and to support a technique for sharing the RO between devices.
FIG. 1 depicts relations between a trust authority, a content provider or a service provider, and a device in the DRM system.
Referring to FIG. 1, the trust authority 100, which is called a Certification Authority (CA), issues the key to the service provider 110 or the device 120, and distributes the key to the key users. When a user holding a key is compromised and authorized use of the key is no longer possible, the trust authority 100 maintains the key management system by revoking the key.
The problem with the PKI system adopted in the OMA DRM 2.0 is that the OMA does not manage the trust authority. The OMA merely develops the technical standards. Accordingly, the keys used in the OMA DRM need to be managed by a trust authority of international reliability. In response, the Content Management License Administrator (CMLA), which is the PKI trust authority for the OMA DRM 2.0, was formed by Samsung Electronics, Nokia, Intel, and Panasonic in 2004.
The CMLA operates a server which distributes PKI keys to, and manages them for, the multimedia service providers, content providers, and device providers who adopt the OMA DRM 2.0 technology. A system implementing the OMA DRM 2.0 standard can offer complete multimedia content services by receiving and installing the key of the CMLA.
External memories and smart cards do not have their own independent power source or network connection because of their mechanical characteristics, and always depend on the functions of the device. In addition, external memories and smart cards, which can be easily attached to and detached from the device, are highly likely to suffer a physical disconnection during communication.
Based on the characteristics of the SRM discussed above, the SRM standard entrusts the trust authority with the determination of some of the functions. However, neither the OMA nor the trust authority considers the technical details.